Autonomous AP as Repeater with LEAP

In the last post we learnt about Repeater configuration and authenticaion via WPA2-PSK. Here is the link : Autonomous AP as Repeater with WPA2

In last post we also learned the basic concept and theoretical knowledge of repeater and there usage.

In this post we will directly conifgure the Root AP/Repeater AP with LEAP Authentication.

Here is the configuration of Root and Repeater AP.

Root AP:

hostname Root-AP
 !
 aaa new-model
 !
 aaa group server radius rad_eap
 server 10.35.80.110 auth-port 1812 acct-port 1813
 !
 aaa authentication login eap_method group rad_eap
 !
 dot11 ssid RSCCIEW
 vlan 80
 authentication network-eap eap_method
 authentication key-management wpa version 2
 infrastructure-ssid
 !
 interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 80 mode ciphers aes-ccm
 !
 ssid RSCCIEW
 !
 station-role root
 !
 interface Dot11Radio0.80
 encapsulation dot1Q 80 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
 !
 interface FastEthernet0.80
 encapsulation dot1Q 80 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
 !
 interface BVI1
 ip address 10.35.80.110 255.255.255.0
 no ip route-cache
 !
 ip default-gateway 10.35.80.254
 radius-server local
 nas 10.35.80.110 key 7 070C285F4D06485744
 nas 10.35.80.111 key 7 14141B180F0B7B7977
 user repeater nthash 7 144231535C540C7A77096016074B51332753030D0877705A264F450A09720A7307
 user sandeep nthash 7 101B2A415547345A5F25790801706510064152425325720D7D04075D523D4F780A
 !
 radius-server host 10.35.80.110 auth-port 1812 acct-port 1813 key 7 070C285F4D06485744

Repeater AP:

hostname Repeater-AP
 !
 aaa new-model
 !
 aaa group server radius rad_eap
 server 10.35.80.110 auth-port 1812 acct-port 1813
 !
 aaa authentication login eap_method group rad_eap
 !
 dot11 ssid RSCCIEW
 vlan 80
 authentication open eap eap_method --> also need to add the open EAP for clients which may associate with Repeater AP.
 authentication network-eap eap_method
 authentication key-management wpa version 2
 dot1x credentials LEAP
 dot1x eap profile LEAP
 guest-mode
 infrastructure-ssid
 !
 eap profile LEAP
 method leap
 !
 dot1x credentials LEAP
 username repeater
 password 7 01100F175804
 !
 interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 80 mode ciphers aes-ccm
 !
 ssid RSCCIEW
 !
 station-role repeater
 !
 interface Dot11Radio0.80
 encapsulation dot1Q 80 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
 !
 interface FastEthernet0.80
 encapsulation dot1Q 80 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
 !
 interface BVI1
 ip address 10.35.80.111 255.255.255.0
 no ip route-cache
 !
 radius-server host 10.35.80.110 auth-port 1812 acct-port 1813 key 7 030752180500701E1D

This is the notification we get after authentication:

 *Dec 17 10:40:02.500: %DOT11-4-UPLINK_ESTABLISHED: Interface Dot11Radio0, Associated To AP Root-AP 003a.9914.1370 [LEAP WPAv2]

Here is the client status:

Root-AP#sh dot11 associations
 802.11 Client Stations on Dot11Radio0:
 SSID [RSCCIEW] :
 MAC Address    IP address      Device        Name            Parent         State
 2894.0fa8.a594 10.35.80.111    ap1240-Rptr   Repeater-AP     self           EAP-Assoc
 ac7b.a1d1.c289 10.35.80.109    Rptr-client   Repeater-AP     2894.0fa8.a594 EAP-Assoc
 Root-AP#
 Root-AP#sh dot11 ass
 Root-AP#sh dot11 associations  ac7b.a1d1.c289
 Address           : ac7b.a1d1.c289     Name             : Repeater-AP
 IP Address        : 10.35.80.109       Interface        : Dot11Radio 0
 Device            : Rptr-client        Software Version : NONE
 CCX Version       : NONE               Client MFP       : Off
 State             : EAP-Assoc          Parent           : 2894.0fa8.a594
 SSID              : RSCCIEW
 VLAN              : 80
 Hops to Infra     : 0
 Clients Associated: 0                  Repeaters associated: 0
 Root-AP#

In the next post we will learn how to Authenticate Repeater via EAP-FAST.

Advertisements

1 Comment

  1. Pingback: Autonomous AP as Wireless Bridge | Towards CCIE Wireless

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s